By Nathalie Voit
Popular blockchain computer game Axie Infinity became the target of a massive security breach that saw over $615 million in funds drained from its Ronin Network on March 23, according to a blog post released by Ronin this week.
“There has been a security breach on the Ronin Network,” Ronin said on March 29. “Earlier today, we discovered that on March 23, Sky Mavis’s Ronin validator nodes and Axie DAO validator nodes were compromised, resulting in 173,600 Ethereum and 25.5M USDC drained from the Ronin bridge in two transactions (1 and 2). The attacker used hacked private keys in order to forge fake withdrawals.” The attack was discovered Tuesday morning after a player was unable to withdraw his 5,000 ether from the bridge, Ronin said.
The gaming network said it is working with law enforcement officials, forensic cryptographers, and investors to recover the stolen USDC (a digital stablecoin pegged to the U.S. dollar) and Ethereum funds. Users cannot withdraw or deposit funds on the Ronin Network for the moment.
On March 30, the company confirmed the attack was socially engineered and the product of an external breach. Axie Infinity also confirmed the incident on its official Twitter account.
The Axie Infinity hack may be the largest decentralized finance (DeFi) hack to date. Before the incident, only the $611 million Poly Network DeFi heist was comparable in size and scale.
The incident casts serious doubt on the security of so-called “bridge software” (the online exchange mechanism for cryptocurrencies used in the game) and the state of crypto in general.
According to a report from blockchain analytics firm Chainalysis published on Jan. 6, roughly $2.2 billion in cryptocurrency was stolen from DeFi platforms in 2021 alone, an increase of 1,330% from 2020. Of the $3.2 billion in crypto stolen, nearly three-quarters (72%) originated from DeFi protocols, Chainalysis said.
“DeFi is one of the most exciting areas of the wider cryptocurrency ecosystem, presenting huge opportunities to entrepreneurs and cryptocurrency users alike,” Chainalysis wrote in its annual Crypto Crime report.
“But DeFi is unlikely to realize its full potential if the same decentralization that makes it so dynamic also allows for widespread scamming and theft.”
Ronin said most of the hacked funds are still in the hacker’s wallet, which can be viewed here.